cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1455259 [2/2] - in /cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/ policy/interceptors/ wss4j/ wss4j/policyhandlers/ wss4j/policyvalidators/
Date Mon, 11 Mar 2013 17:52:37 GMT
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java?rev=1455259&r1=1455258&r2=1455259&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
Mon Mar 11 17:52:36 2013
@@ -26,6 +26,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
@@ -55,16 +56,25 @@ public class EndorsingEncryptedTokenPoli
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
-        if (ais == null || ais.isEmpty()) {                       
-            return true;
-        }
-        
         setMessage(message);
         setResults(results);
         setSignedResults(signedResults);
         setEncryptedResults(encryptedResults);
-
+        
+        Collection<AssertionInfo> ais = aim.get(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message);
+        }
+        
+        ais = aim.get(SP11Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message);
+        }
+        
+        return true;
+    }
+    
+    private void parsePolicies(Collection<AssertionInfo> ais, Message message) {
         for (AssertionInfo ai : ais) {
             SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);
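Review bot: The new `parsePolicies` helper has no Javadoc, and its contract is not obvious from the signature: it returns nothing, marks each `AssertionInfo` asserted up front with `ai.setAsserted(true)`, and relies on the later checks to call `setNotAsserted`, while `validatePolicy` returns `true` on every path. A short comment such as `/** Validates each SupportingTokens assertion; failures are recorded on the AssertionInfo, not returned. */` would make clear that callers must inspect the AssertionInfoMap rather than the boolean. The SP12-then-SP11 lookup pair is also repeated verbatim in EndorsingTokenPolicyValidator, SignedEncryptedTokenPolicyValidator, SignedEndorsingEncryptedTokenPolicyValidator, SignedEndorsingTokenPolicyValidator and SignedTokenPolicyValidator, so a shared helper in their common base class (if they have one) would keep the two namespaces from drifting apart. The body of `parsePolicies` continues outside this hunk.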
@@ -120,8 +130,6 @@ public class EndorsingEncryptedTokenPoli
                 }
             }
         }
-        
-        return true;
     }
     
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java?rev=1455259&r1=1455258&r2=1455259&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
Mon Mar 11 17:52:36 2013
@@ -26,6 +26,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
@@ -55,16 +56,25 @@ public class EndorsingTokenPolicyValidat
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
-        if (ais == null || ais.isEmpty()) {                       
-            return true;
-        }
-        
         setMessage(message);
         setResults(results);
         setSignedResults(signedResults);
         setEncryptedResults(encryptedResults);
 
+        Collection<AssertionInfo> ais = aim.get(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message);
+        }
+        
+        ais = aim.get(SP11Constants.ENDORSING_SUPPORTING_TOKENS);
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message);
+        }
+        
+        return true;
+    }
+    
+    private void parsePolicies(Collection<AssertionInfo> ais, Message message) {
         for (AssertionInfo ai : ais) {
             SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);
@@ -119,8 +129,6 @@ public class EndorsingTokenPolicyValidat
                 }
             }
         }
-        
-        return true;
     }
     
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java?rev=1455259&r1=1455258&r2=1455259&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
Mon Mar 11 17:52:36 2013
@@ -25,6 +25,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.message.token.KerberosSecurity;
+import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.model.KerberosToken;
 import org.apache.wss4j.policy.model.KerberosToken.ApReqTokenType;
@@ -49,23 +50,33 @@ public class KerberosTokenPolicyValidato
     ) {
         Collection<AssertionInfo> krbAis = aim.get(SP12Constants.KERBEROS_TOKEN);
         if (krbAis != null && !krbAis.isEmpty()) {
-            for (AssertionInfo ai : krbAis) {
-                KerberosToken kerberosTokenPolicy = (KerberosToken)ai.getAssertion();
-                ai.setAsserted(true);
-                
-                if (!isTokenRequired(kerberosTokenPolicy, message)) {
-                    continue;
-                }
-                
-                if (!checkToken(kerberosTokenPolicy, kerberosToken)) {
-                    ai.setNotAsserted("An incorrect Kerberos Token Type is detected");
-                    continue;
-                }
-            }
+            parsePolicies(krbAis, kerberosToken);
+        }
+        
+        krbAis = aim.get(SP11Constants.KERBEROS_TOKEN);
+        if (krbAis != null && !krbAis.isEmpty()) {
+            parsePolicies(krbAis, kerberosToken);
         }
+        
         return true;
     }
     
+    private void parsePolicies(Collection<AssertionInfo> ais, KerberosSecurity kerberosToken)
{
+        for (AssertionInfo ai : ais) {
+            KerberosToken kerberosTokenPolicy = (KerberosToken)ai.getAssertion();
+            ai.setAsserted(true);
+            
+            if (!isTokenRequired(kerberosTokenPolicy, message)) {
+                continue;
+            }
+            
+            if (!checkToken(kerberosTokenPolicy, kerberosToken)) {
+                ai.setNotAsserted("An incorrect Kerberos Token Type is detected");
+                continue;
+            }
+        }
+    }
+    
     private boolean checkToken(KerberosToken kerberosTokenPolicy, KerberosSecurity kerberosToken)
{
         ApReqTokenType apReqTokenType = kerberosTokenPolicy.getApReqTokenType();
 
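Review bot: `parsePolicies` calls `isTokenRequired(kerberosTokenPolicy, message)`, but `message` is not one of its parameters, so it must resolve to a field declared outside this hunk, whereas the sibling validators in this commit pass `Message message` into their helper explicitly. Passing it the same way, `parsePolicies(krbAis, message, kerberosToken)`, or adding a comment that names the field, would make it clear which message the token-required check is evaluated against. The `continue;` after `ai.setNotAsserted("An incorrect Kerberos Token Type is detected")` is the last statement of the loop body and can be dropped.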

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java?rev=1455259&r1=1455258&r2=1455259&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java
Mon Mar 11 17:52:36 2013
@@ -37,6 +37,7 @@ import org.apache.wss4j.common.saml.Saml
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.model.SamlToken;
 import org.apache.wss4j.policy.model.SamlToken.SamlTokenType;
@@ -57,14 +58,29 @@ public class SamlTokenPolicyValidator ex
         List<WSSecurityEngineResult> results,
         List<WSSecurityEngineResult> signedResults
     ) {
+        body = soapBody;
+        signed = signedResults;
+        
         Collection<AssertionInfo> ais = aim.get(SP12Constants.SAML_TOKEN);
-        if (ais == null || ais.isEmpty()) {
-            return true;
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(aim, ais, message, results, signedResults);
         }
         
-        body = soapBody;
-        signed = signedResults;
+        ais = aim.get(SP11Constants.SAML_TOKEN);
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(aim, ais, message, results, signedResults);
+        }
         
+        return true;
+    }
+    
+    private void parsePolicies(
+        AssertionInfoMap aim, 
+        Collection<AssertionInfo> ais, 
+        Message message,
+        List<WSSecurityEngineResult> results,
+        List<WSSecurityEngineResult> signedResults
+    ) {
         List<WSSecurityEngineResult> samlResults = new ArrayList<WSSecurityEngineResult>();
         WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_SIGNED, samlResults);
         WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_UNSIGNED, samlResults);
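Review bot: `validatePolicy` copies `soapBody` and `signedResults` into the instance fields `body` and `signed` and then also passes `signedResults` to `parsePolicies` as a parameter, so the helper has two sources for the same list. Pick one of them, either dropping the parameter or reading only the parameter, so that a later edit cannot make the signed-assertion check use a different list from the one the caller supplied. The fields are now written on every call, even when neither SAML policy is present, which suggests an instance should not be shared between messages; a comment on the fields stating that would help. The rest of `parsePolicies` is outside this hunk.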
@@ -113,8 +129,6 @@ public class SamlTokenPolicyValidator ex
                  */
             }
         }
-        
-        return true;
     }
     
     /**

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java?rev=1455259&r1=1455258&r2=1455259&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java
Mon Mar 11 17:52:36 2013
@@ -31,6 +31,7 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.model.SecurityContextToken;
 
@@ -48,10 +49,23 @@ public class SecurityContextTokenPolicyV
         List<WSSecurityEngineResult> signedResults
     ) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURITY_CONTEXT_TOKEN);
-        if (ais == null || ais.isEmpty()) {
-            return true;
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message, results);
+        }
+        
+        ais = aim.get(SP11Constants.SECURITY_CONTEXT_TOKEN);
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message, results);
         }
 
+        return true;
+    }
+    
+    private void parsePolicies(
+        Collection<AssertionInfo> ais, 
+        Message message,
+        List<WSSecurityEngineResult> results
+    ) {
         List<WSSecurityEngineResult> sctResults = new ArrayList<WSSecurityEngineResult>();
         WSSecurityUtil.fetchAllActionResults(results, WSConstants.SCT, sctResults);
 
@@ -70,7 +84,5 @@ public class SecurityContextTokenPolicyV
                 continue;
             }
         }
-        return true;
     }
-    
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java?rev=1455259&r1=1455258&r2=1455259&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
Mon Mar 11 17:52:36 2013
@@ -26,6 +26,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.IssuedToken;
@@ -54,16 +55,25 @@ public class SignedEncryptedTokenPolicyV
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
-        if (ais == null || ais.isEmpty()) {                       
-            return true;
-        }
-
         setMessage(message);
         setResults(results);
         setSignedResults(signedResults);
         setEncryptedResults(encryptedResults);
         
+        Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message);
+        }
+        
+        ais = aim.get(SP11Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message);
+        }
+        
+        return true;
+    }
+    
+    private void parsePolicies(Collection<AssertionInfo> ais, Message message) {
         for (AssertionInfo ai : ais) {
             SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);
@@ -116,8 +126,7 @@ public class SignedEncryptedTokenPolicyV
                 }
             }
         }
-        
-        return true;
     }
     
+    
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java?rev=1455259&r1=1455258&r2=1455259&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
Mon Mar 11 17:52:36 2013
@@ -26,6 +26,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
@@ -56,16 +57,25 @@ public class SignedEndorsingEncryptedTok
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
-        if (ais == null || ais.isEmpty()) {                       
-            return true;
-        }
-
         setMessage(message);
         setResults(results);
         setSignedResults(signedResults);
         setEncryptedResults(encryptedResults);
         
+        Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        if (ais != null && !ais.isEmpty()) {                       
+            parsePolicies(ais, message);
+        }
+        
+        ais = aim.get(SP11Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        if (ais != null && !ais.isEmpty()) {                       
+            parsePolicies(ais, message);
+        }
+        
+        return true;
+    }
+    
+    private void parsePolicies(Collection<AssertionInfo> ais, Message message) {
         for (AssertionInfo ai : ais) {
             SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);
@@ -121,8 +131,6 @@ public class SignedEndorsingEncryptedTok
                 }
             }
         }
-        
-        return true;
     }
     
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java?rev=1455259&r1=1455258&r2=1455259&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
Mon Mar 11 17:52:36 2013
@@ -26,6 +26,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
@@ -55,16 +56,25 @@ public class SignedEndorsingTokenPolicyV
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
-        if (ais == null || ais.isEmpty()) {                       
-            return true;
-        }
-        
         setMessage(message);
         setResults(results);
         setSignedResults(signedResults);
         setEncryptedResults(encryptedResults);
 
+        Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message);
+        }
+        
+        ais = aim.get(SP11Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message);
+        }
+        
+        return true;
+    }
+    
+    private void parsePolicies(Collection<AssertionInfo> ais, Message message) {
         for (AssertionInfo ai : ais) {
             SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);
@@ -119,8 +129,6 @@ public class SignedEndorsingTokenPolicyV
                 }
             }
         }
-        
-        return true;
     }
     
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java?rev=1455259&r1=1455258&r2=1455259&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
Mon Mar 11 17:52:36 2013
@@ -26,6 +26,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.IssuedToken;
@@ -53,16 +54,25 @@ public class SignedTokenPolicyValidator 
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
-        if (ais == null || ais.isEmpty()) {                       
-            return true;
-        }
-        
         setMessage(message);
         setResults(results);
         setSignedResults(signedResults);
         setEncryptedResults(encryptedResults);
         
+        Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message);
+        }
+        
+        ais = aim.get(SP11Constants.SIGNED_SUPPORTING_TOKENS);
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message);
+        }
+        
+        return true;
+    }
+    
+    private void parsePolicies(Collection<AssertionInfo> ais, Message message) {
         for (AssertionInfo ai : ais) {
             SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);
@@ -114,10 +124,6 @@ public class SignedTokenPolicyValidator 
                     continue;
                 }
             }
-
         }
-        
-        return true;
     }
-    
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java?rev=1455259&r1=1455258&r2=1455259&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
Mon Mar 11 17:52:36 2013
@@ -29,6 +29,7 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.model.SymmetricBinding;
 
@@ -46,10 +47,27 @@ public class SymmetricBindingPolicyValid
         List<WSSecurityEngineResult> encryptedResults
     ) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
-        if (ais == null || ais.isEmpty()) {                       
-            return true;
+        if (ais != null && !ais.isEmpty()) {                       
+            parsePolicies(aim, ais, message, soapBody, results, signedResults, encryptedResults);
         }
         
+        ais = aim.get(SP11Constants.SYMMETRIC_BINDING);
+        if (ais != null && !ais.isEmpty()) {                       
+            parsePolicies(aim, ais, message, soapBody, results, signedResults, encryptedResults);
+        }
+        
+        return true;
+    }
+    
+    private void parsePolicies(
+        AssertionInfoMap aim,
+        Collection<AssertionInfo> ais, 
+        Message message,
+        Element soapBody,
+        List<WSSecurityEngineResult> results,
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults
+    ) {
         boolean hasDerivedKeys = false;
         for (WSSecurityEngineResult result : results) {
             Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
@@ -78,8 +96,6 @@ public class SymmetricBindingPolicyValid
                 continue;
             }
         }
-        
-        return true;
     }
     
     /**

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java?rev=1455259&r1=1455258&r2=1455259&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
Mon Mar 11 17:52:36 2013
@@ -32,6 +32,7 @@ import org.apache.cxf.security.transport
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.model.Layout;
 import org.apache.wss4j.policy.model.Layout.LayoutType;
@@ -51,9 +52,36 @@ public class TransportBindingPolicyValid
         List<WSSecurityEngineResult> encryptedResults
     ) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.TRANSPORT_BINDING);
-        if (ais == null || ais.isEmpty()) {                       
-            return true;
+        boolean policyFound = false;
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(aim, ais, message, results, signedResults);
+            policyFound = true;
         }
+        
+        ais = aim.get(SP11Constants.TRANSPORT_BINDING);
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(aim, ais, message, results, signedResults);
+            policyFound = true;
+        }
+        
+        // We don't need to check these policies for the Transport binding
+        if (policyFound) {
+            assertPolicy(aim, SP12Constants.ENCRYPTED_PARTS);
+            assertPolicy(aim, SP11Constants.ENCRYPTED_PARTS);
+            assertPolicy(aim, SP12Constants.SIGNED_PARTS);
+            assertPolicy(aim, SP11Constants.SIGNED_PARTS);
+        }
+        
+        return true;
+    }
+    
+    private void parsePolicies(
+        AssertionInfoMap aim,
+        Collection<AssertionInfo> ais, 
+        Message message,
+        List<WSSecurityEngineResult> results,
+        List<WSSecurityEngineResult> signedResults
+    ) {
         for (AssertionInfo ai : ais) {
             TransportBinding binding = (TransportBinding)ai.getAssertion();
             ai.setAsserted(true);
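Review bot: The `policyFound` block asserts ENCRYPTED_PARTS and SIGNED_PARTS in both namespaces as soon as a TransportBinding assertion exists, including when `parsePolicies` has just recorded a failure on that binding, and the comment above it does not say why skipping the check is safe. If the rationale is that the transport itself protects the message, say so, e.g. `// With a TransportBinding the transport (TLS) protects the message, so SignedParts/EncryptedParts are not validated at message level`. The body of `parsePolicies` continues outside this hunk.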
@@ -76,7 +104,7 @@ public class TransportBindingPolicyValid
             if (!algorithmValidator.validatePolicy(ai, binding.getAlgorithmSuite())) {
                 continue;
             }
-            assertPolicy(aim, SP12Constants.ALGORITHM_SUITE);
+            assertPolicy(aim, binding.getAlgorithmSuite());
             String namespace = binding.getAlgorithmSuite().getVersion().getNamespace();
             String name = binding.getAlgorithmSuite().getAlgorithmSuiteType().getName();
             Collection<AssertionInfo> algSuiteAis = aim.get(new QName(namespace, name));
@@ -92,26 +120,26 @@ public class TransportBindingPolicyValid
                 continue;
             }
             assertPolicy(aim, SP12Constants.INCLUDE_TIMESTAMP);
+            assertPolicy(aim, SP11Constants.INCLUDE_TIMESTAMP);
             
             // Check the Layout
             Layout layout = binding.getLayout();
             LayoutType layoutType = layout.getLayoutType();
             boolean timestampFirst = layoutType == LayoutType.LaxTsFirst;
             boolean timestampLast = layoutType == LayoutType.LaxTsLast;
-            if (!validateLayout(aim, timestampFirst, timestampLast, results)) {
+            if (!validateLayout(timestampFirst, timestampLast, results)) {
                 String error = "Layout does not match the requirements";
-                notAssertPolicy(aim, SP12Constants.LAYOUT, error);
+                notAssertPolicy(aim, binding.getLayout(), error);
                 ai.setNotAsserted(error);
                 continue;
             }
-            assertPolicy(aim, SP12Constants.LAYOUT);
+            assertPolicy(aim, binding.getLayout());
+            assertPolicy(aim, SP12Constants.LAX);
+            assertPolicy(aim, SP12Constants.STRICT);
+            assertPolicy(aim, SP11Constants.LAX);
+            assertPolicy(aim, SP11Constants.STRICT);
         }
-        
-        // We don't need to check these policies for the Transport binding
-        assertPolicy(aim, SP12Constants.ENCRYPTED_PARTS);
-        assertPolicy(aim, SP12Constants.SIGNED_PARTS);
-        
-        return true;
+
     }
     
 }
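Review bot: Once `validateLayout(timestampFirst, timestampLast, results)` succeeds, the added lines assert `LAX` and `STRICT` in both namespaces regardless of `layoutType`, although the call receives only the two timestamp flags, so a policy that requires Strict layout appears to be reported as satisfied without any ordering check (the body of `validateLayout` is outside this hunk). Consider asserting only the nested assertion that matches the parsed type, e.g. `if (layoutType == LayoutType.Lax) { assertPolicy(aim, SP12Constants.LAX); assertPolicy(aim, SP11Constants.LAX); }`, and leaving Strict unasserted until it is actually validated. The nested LaxTsFirst/LaxTsLast assertions are not asserted here either, which may leave such policies unasserted after a successful check. `binding.getLayout()` is already held in the local `layout`, which the two new calls could reuse.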

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java?rev=1455259&r1=1455258&r2=1455259&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
Mon Mar 11 17:52:36 2013
@@ -34,6 +34,7 @@ import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.message.token.UsernameToken;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SP13Constants;
 import org.apache.wss4j.policy.SPConstants;
@@ -55,10 +56,30 @@ public class UsernameTokenPolicyValidato
         List<WSSecurityEngineResult> signedResults
     ) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.USERNAME_TOKEN);
-        if (ais == null || ais.isEmpty()) {
-            return true;
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message, results);
         }
         
+        ais = aim.get(SP11Constants.USERNAME_TOKEN);
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message, results);
+        }
+        
+        assertPolicy(aim, new QName(SP13Constants.SP_NS, SP12Constants.CREATED));
+        assertPolicy(aim, new QName(SP13Constants.SP_NS, SP12Constants.NONCE));
+        assertPolicy(aim, SP12Constants.NO_PASSWORD);
+        assertPolicy(aim, SP12Constants.HASH_PASSWORD);
+        assertPolicy(aim, SP12Constants.WSS_USERNAME_TOKEN10);
+        assertPolicy(aim, SP12Constants.WSS_USERNAME_TOKEN11);
+        
+        return true;
+    }
+    
+    private void parsePolicies(
+        Collection<AssertionInfo> ais, 
+        Message message,
+        List<WSSecurityEngineResult> results
+    ) {
         List<WSSecurityEngineResult> utResults = new ArrayList<WSSecurityEngineResult>();
         WSSecurityUtil.fetchAllActionResults(results, WSConstants.UT, utResults);
         WSSecurityUtil.fetchAllActionResults(results, WSConstants.UT_NOPASSWORD, utResults);
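Review bot: The nested UsernameToken assertions at the end of `validatePolicy` are asserted only under their SP12/SP13 names, although this hunk now also parses policies found under `SP11Constants.USERNAME_TOKEN`. A policy written in the 1.1 namespace would then presumably leave its token-version children unasserted and fail verification later; the X509TokenPolicyValidator hunk avoids this by pairing every SP12 name with its SP11 counterpart. If SP11Constants defines the equivalents, add `assertPolicy(aim, SP11Constants.WSS_USERNAME_TOKEN10);` and `assertPolicy(aim, SP11Constants.WSS_USERNAME_TOKEN11);` next to the SP12 calls. `validatePolicy` starts above this hunk and the body of `parsePolicies` continues below it, so the loop itself cannot be checked from here.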
@@ -82,15 +103,6 @@ public class UsernameTokenPolicyValidato
                 continue;
             }
         }
-        
-        assertPolicy(aim, new QName(SP13Constants.SP_NS, SP12Constants.CREATED));
-        assertPolicy(aim, new QName(SP13Constants.SP_NS, SP12Constants.NONCE));
-        assertPolicy(aim, SP12Constants.NO_PASSWORD);
-        assertPolicy(aim, SP12Constants.HASH_PASSWORD);
-        assertPolicy(aim, SP12Constants.WSS_USERNAME_TOKEN10);
-        assertPolicy(aim, SP12Constants.WSS_USERNAME_TOKEN11);
-        
-        return true;
     }
     
     /**

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java?rev=1455259&r1=1455258&r2=1455259&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java
Mon Mar 11 17:52:36 2013
@@ -32,6 +32,7 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.model.Wss11;
 
@@ -48,10 +49,23 @@ public class WSS11PolicyValidator implem
         List<WSSecurityEngineResult> signedResults
     ) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.WSS11);
-        if (ais == null || ais.isEmpty()) {
-            return true;
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message, results);
         }
         
+        ais = aim.get(SP11Constants.WSS11);
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message, results);
+        }
+        
+        return true;
+    }
+    
+    private void parsePolicies(
+        Collection<AssertionInfo> ais, 
+        Message message,  
+        List<WSSecurityEngineResult> results
+    ) {
         List<WSSecurityEngineResult> scResults = new ArrayList<WSSecurityEngineResult>();
         WSSecurityUtil.fetchAllActionResults(results, WSConstants.SC, scResults);
         
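Review bot: `validatePolicy` returns `true` on every path and `parsePolicies` is `void`, so the boolean tells a caller nothing about whether the WSS11 policy actually held; the UsernameTokenPolicyValidator and X509TokenPolicyValidator hunks have the same shape. The verdict is presumably carried only by the AssertionInfo state set inside the loop, which lies outside this hunk. That contract deserves a comment above `parsePolicies`, for example `// Failures are recorded on each AssertionInfo (setNotAsserted); validatePolicy itself always returns true.` Without it, a future caller could reasonably treat the return value as the validation result.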
@@ -70,7 +84,6 @@ public class WSS11PolicyValidator implem
                 continue;
             }
         }
-        return true;
     }
     
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java?rev=1455259&r1=1455258&r2=1455259&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
Mon Mar 11 17:52:36 2013
@@ -32,6 +32,7 @@ import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.message.token.BinarySecurity;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.model.X509Token;
 import org.apache.wss4j.policy.model.X509Token.TokenType;
@@ -52,10 +53,36 @@ public class X509TokenPolicyValidator ex
         List<WSSecurityEngineResult> signedResults
     ) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.X509_TOKEN);
-        if (ais == null || ais.isEmpty()) {
-            return true;
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message, results);
         }
         
+        ais = aim.get(SP11Constants.X509_TOKEN);
+        if (ais != null && !ais.isEmpty()) {
+            parsePolicies(ais, message, results);
+        }
+        
+        assertPolicy(aim, SP12Constants.WSS_X509_PKI_PATH_V1_TOKEN_10);
+        assertPolicy(aim, SP11Constants.WSS_X509_PKI_PATH_V1_TOKEN_10);
+        assertPolicy(aim, SP12Constants.WSS_X509_PKI_PATH_V1_TOKEN_11);
+        assertPolicy(aim, SP11Constants.WSS_X509_PKI_PATH_V1_TOKEN_11);
+        assertPolicy(aim, SP12Constants.WSS_X509_V1_TOKEN_10);
+        assertPolicy(aim, SP11Constants.WSS_X509_V1_TOKEN_10);
+        assertPolicy(aim, SP12Constants.WSS_X509_V1_TOKEN_11);
+        assertPolicy(aim, SP11Constants.WSS_X509_V1_TOKEN_11);
+        assertPolicy(aim, SP12Constants.WSS_X509_V3_TOKEN_10);
+        assertPolicy(aim, SP11Constants.WSS_X509_V3_TOKEN_10);
+        assertPolicy(aim, SP12Constants.WSS_X509_V3_TOKEN_11);
+        assertPolicy(aim, SP11Constants.WSS_X509_V3_TOKEN_11);
+        
+        return true;
+    }
+    
+    private void parsePolicies(
+        Collection<AssertionInfo> ais, 
+        Message message,
+        List<WSSecurityEngineResult> results
+    ) {
         List<WSSecurityEngineResult> bstResults = new ArrayList<WSSecurityEngineResult>();
         WSSecurityUtil.fetchAllActionResults(results, WSConstants.BST, bstResults);
         
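Review bot: The twelve token-type `assertPolicy` calls that follow the two `parsePolicies` calls run regardless of what the loop found, so a nested assertion such as `WSS_X509_V3_TOKEN_10` is marked asserted even when the received token did not match it. Enforcement then presumably rests entirely on the parent X509Token assertion being marked not-asserted inside the loop, which continues below this hunk and cannot be confirmed from here. A comment before the block would make that dependency explicit: `// Nested token-type assertions are asserted unconditionally; a mismatch is reported on the parent X509Token assertion.`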
@@ -79,15 +106,6 @@ public class X509TokenPolicyValidator ex
                 continue;
             }
         }
-        
-        assertPolicy(aim, SP12Constants.WSS_X509_PKI_PATH_V1_TOKEN_10);
-        assertPolicy(aim, SP12Constants.WSS_X509_PKI_PATH_V1_TOKEN_11);
-        assertPolicy(aim, SP12Constants.WSS_X509_V1_TOKEN_10);
-        assertPolicy(aim, SP12Constants.WSS_X509_V1_TOKEN_11);
-        assertPolicy(aim, SP12Constants.WSS_X509_V3_TOKEN_10);
-        assertPolicy(aim, SP12Constants.WSS_X509_V3_TOKEN_11);
-        
-        return true;
     }
     
     /**


